Enable secure boot on picard

Andrea Ciceri 2024-09-22 10:17:30 +02:00
parent 43a76ca3d7
commit 42c594e32e
Signed by: aciceri
SSH key fingerprint: SHA256:/AagBweyV4Hlfg9u092n8hbHwD5fcB6A3qhDiDA65Rg
3 changed files with 184 additions and 7 deletions


@ -129,12 +129,15 @@
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot = {
enable = lib.mkForce false; # needed by lanzaboote
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
configurationLimit = 20;
};
# boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_8;
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_10;
networking.hostId = "5b02e763";